search

lionheart / openradar-mirror

A mirror of radars pulled from http://openradar.me/.
244 stars 17 forks source link

23248174: CCCrypt returns kCCSuccess in error case and leaks cleartext #7467

Closed openradar-mirror closed 8 years ago

openradar-mirror commented 8 years ago

Description

Summary: When calling CCCrypt with kCCAlgorithmAES128 and using a key not having a length corresponding kCCBlockSizeAES128, CCCrypt returns the PLAINTEXT inside the CIPHERTEXT buffer and kCCSuccess as result value. It should return kCCParamError.

Steps to Reproduce:

import <CommonCrypto/CommonCryptor.h>

call CCCrypt

Expected Results: CCCryptorStatus theResult = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, theEncryptionKey.bytes, theEncryptionKey.length, // not multiple of kCCBlockSizeAES128 inIV.bytes, inData.bytes, inData.length, theCipherText.mutableBytes, theCipherText.length, &outLength);

Actual Results: CCCCryptorStatus returns kCCSuccess and the returned ciphertext is the _plain_text.

Cleartext: 1234 Ciphertext: <31323334 0c0c0c0c 0c0c0c0c 0c0c0c0c> // which is the hex representation of '1234'

Product Version: all Created: 2016-01-22T08:43:16.472020 Originated: 2015-10-24T00:00:00 Open Radar Link: http://www.openradar.me/23248174

openradar-mirror commented 8 years ago

Resolved: no Modified: 2016-01-25T21:32:15.108790